10. NT Protocols

The 4 layer model of TCP/IP is often called the Four Layer Model or the Department of Defense (DOD) Model. The protocols that can run within TCP/IP include SNMP, WinSock, NetBIOS over TCP/IP (NetBT), TCP, UDP, ICMP and ARP.

Manual configuration of TCP/IP requires the IP Address, the Subnet Mask and the Default Gateway for a routed network.

If a Dynamic Host Control Protocol (DHCP) server exists on the network, then the IP address, the subnet mask and the default gateway can be requested by the client on bootup.

The following list details the TCP/IP utilities available:

Ping (Packet InterNet Groper). First ping the loopback address 127.0.0.1 to test that TCP/IP is installed correctly then the computer interface, then the default gateway and finally the remote host.
FTP
TFTP
Telnet
Remote copy Protocol (RCP)
Remote Shell (RSH)
Remote Execution (REXEC) - runs a process on a remote computer
Finger - retrieves system information from a remote computer.
Internet Explorer
ARP
Ipconfig - This is Winipconfig in Win 95. If a duplicate IP address exists then Ipconfig /all will return a subnet mask of 0.0.0.0.
Nbstat - displays statistics and connections using NetBIOS over TCP/IP
Netstat - displays TCP/IP statistics and connections
Route - routing table which can be modified
Hostname - RCP, REXEC and RSH use the computers hostname for authentication.
Tracert

The IP services FTP, HTTP and Gopher are on the CD and are not automatically installed. The TFTP and Telnet Servers are obtained from the Internet.

The following commands are used to discover the TCP/IP environment:

hostname
arp -a < ip address > - displays the arp table.
arp -d < ip address > - deletes the entry for the specified IP address.
arp -N < server > - displays the arp table for the specified server.
arp -s < ip address physical address > - adds an entry to the arp table.
ipconfig /all - shows the TCP/IP options in detail.
ipconfig /release
ipconfig /renew - forces a DHCPREQUEST
nbstat -a < name > - list the NetBIOS name table (HOSTS file) for the remote computer specified.
nbstat -A < ip address > - as above but specified by IP address.
nbstat -c - list names and IP addresses in the local NetBIOS cache.
nbstat -n - list all the NetBIOS names for the local computer (those used by the various services).
nbstat -r - NetBIOS statistics.
nbstat -R - reloads the local NetBIOS cache.
nbstat -s - lists currently open NetBIOS sessions by name.
nbstat -S - lists currently open NetBIOS sessions by IP address.
net start < service > - starts a network service such as FTP server, SNMP, HELPER etc.
net stop < service > - stops a network service.
netstat -a - displays list of active ports and connections.
netstat -e - displays statistics for ethernet adapters.
netstat -n - displays IP addresses rather than host names in statistics.
netstat -p < protocol > - displays information for a specific protocol such as TCP, UDP or IP.
netstat -r - displays the routing table and connections and ports.
netstat -s - displays separate lists of statistics for each protocol.
nslookup < hostname > - resolves the IP address to the host name.
nslookup < IP address > - resolves the host name to the IP address.
nslookup < server > - uses a specified DNS server instead of the default.
ping -a - displays the host names rather than the IP address.
ping -f - sends non-fragmented packets.
ping -i < ttl > - specifies the Time to Live for the ping packets.
ping -l < size > - specifies the size of the data buffer.
ping -n < number > - specifies the number of packets to send.
ping -r < number > - records the route for the specified number of hops.
ping -s < number > - records time stamps for the specified number of hops.
ping -t - continuous pings.
ping -w < seconds > - specifies the timeout in milliseconds to await a reply.
route add - add a route to the routing table in the form IP address and next hop.
route change - change an existing entry.
route delete - delete an entry.
route print - display the routing table.
route -f - flushes the routing table.
route -p - adds a permanent route which is not lost in a reboot.
tracert -d - displays the route without resolving IP addresses to host names.
tracert -h < hops > - specifies the number of hops used to reach the destination.
tracert -j < hosts > - specifies a list of hosts to which to route along.
tracert -w < timeout > - specifies a timeout (ms) to wait for a reply from each intermediate host.

You use the Services tab in the Network program to up date services and NT has the services DHCP, DNS, WINS and Computer Browser. (Service Pack 3 contains revised DNS, DHCP and IIS 3.0).

The DHCP server must have it's own statically assigned IP address, mask and default gateway. If the routers do not support RFC 1542, then a DHCP server is required on each subnet (IP Forwarding allows DHCP/Bootp broadcasts to be sent across subnets, this often called a Relay Agent).

The DHCP Scope is the pool of addresses used to assign to stations running Win 95, 3.11, LAN Manager and NT 3.5. The four phases are as follows:

IP lease request - Discovery by the client.
IP lease offers - Offer by the server.
IP lease selection - The client selects the first IP address and Requests to use it.
IP lease acknowledgement - The IP address is assigned and the server Acknowledges.

When selecting the DHCP server the computer has to be restarted. You create the scope by running DHCP Manager in the Administrative Tools menu. You can create a start and end address with a subnet mask as well as start and end addresses for excluded IP addresses. You can also determine the time that the lease is available for. In addition, you can decide to Activate the scope at a later time.

The subnet mask of the scope MUST be the same as that on the server. It is recommended to have more than one DHCP server and to have separate parts of the scope on separate servers. You are not allowed to have two scopes within one subnet. In the DHCP Options Global you can set other settings such as the default gateway, addresses of DNSs and NetBIOS name servers.

On the client PCs you can use Ipconfig to release IP addresses back to the DHCP server.

Windows Internet Name Server (WINS) resolves NetBIOS names to IP addresses dynamically. Alternatively, LAN Manager Host Files (LMHost) are a manual way of doing the same job. You install WINS from the Services tab but you need to restart the computer for it to function. WINS Manager in the Administrative Tools menu is used to configure the WINS server. The WINS server requires a static IP address and it is recommended that it point to itself as the primary and secondary WINS server in the domain.

WINS-enabled computers such as Win 95 or Win 3.11 use WINS directly. Clients that do not have WINS enabled can resolve their names via WINS-enabled computers called Proxies. On bootup the client registers its NetBIOS/IP mapping with the WINS, then any communication with other NetBIOS clients is direct rather than broadcasted. If the WINS goes down then the clients revert to b-node and broadcast NetBIOS queries.

Domain Name Service (DNS) is a tree structure providing a hierarchical naming system for identifying hosts on the Internet. The Domain is NOT the NT Directory Services domain but an Internet Domain which is unique and identifies an Internet site. A domain can contain sub-domains provided that the name is uniques within the domain. The root of the DNS tree is at the top and is represented by a dot . . Each node from then on can have a name of up to 63 characters. The domain name www.microsoft.com. has the root indicated by the end dot (this is optional), the domain name com represents the Company Domain, the sub-domain is microsoft and the www is the server, which could be ftp or some other protocol. The dots separate the node names.

The DNS server resolves the domain name to an IP address by following these steps:

A resolver (client) queries the local DNS server to resolve a Fully qualified Domain Name (FQDN).
The local DNS server queries the DNS root server.
The root server refers the query to a domain server e.g. for the COM domain.
The local DNS server queries the domain server.
The domain server refers the query to the Universal name server which runs DNS and WINS. WINS resolves the host name part of the FQDN (e.g. www) and send the IP address back to the Universal Name Server which forwards it to the local DNS server and then on to the client.

The addition of Microsoft DNS Server is done in the Services tab of the Network program, the computer will need to be restarted. DNS Manager in Administrative Tools is used to configure DNS objects.

Objects that can be managed by DNS Manager are the following:

DNS Resource Record which contains the actual information and the three properties Owner (DNS domain or host), Class (mostly Internet class) and TTL.
DNS Domain a node in the tree containing all the Resource Records.
DNS Zone a subtree that may contain one domain or a domain with subdomains.
DNS Server
Server List - DNS servers that can be managed with DNS Manager.

The DNS tab on the client machine is used to insert the domain name for the client and IP addresses in their search order, for the DNS servers.

The DNS Servers option in DHCP manager can be used to provide Internet name resolution for DHCP clients.

Microsoft DNS and WINS can integrate. In DNS Manager use the WINS Lookup tab and click Use WINS Resolution.

The Computer Browser Service is the way in which NT displays a list of the resources available. This Browser list is maintained centrally by a specific computer assigned to the task, this saves all computers having to compile the list and saves on network bandwidth. The browser service can operate on any layer 3 protocol.

The roles of the computers are:

Domain Master Browser - this is the PDC and distributes the master list to the master browsers on each subnet in a domain.
Master Browser - collects the list of resources, shares it with the Domain Master Browser and the Backup Browser.
Backup Browser - recieves the browse list from the Master Browser and distributes the list to the Browser Clients when requested.
Non-Browser - configured not to maintain a browse list.

Master Browsers talk to one another under TCP/IP and can be NT Workstation.

The Browser Service operates thus:

Computers running the server service announce themselves to the Master Browser.
The first time a client tries to find resources, it queries the Master Browser for a list of Backup Browsers in the domain subnet.
The client requests a server list from any Backup Browser that responds.
The Backup Browser responds with the list.
A session is setup with the appropriate resource.

There is only ever one Master Browser in a domain. The Election Packet is broadcast whenever a Master Browser is not available. When a Browser receives the Election packet it compares the election criteria with its own, if its own criteria are higher, then it sends its own election packet and so on until the one with the highest criteria is elected as the Master Browser. The criteria include things like the Operating System, the version number, alphabetical order of computer name and the 'configured role'. The PDC overrides all.

A network resource is announced every 12 minutes. If the Master Browser does not hear an announcement for 3 x 12 = 36 minutes then the resource is dropped. The Master Browser sends out the resource list to the Backup Browsers every 15 minutes. It is conceivable that a resource could be down for 36 + 15 = 51 minutes before it is finally removed from the resource list and no longer displayed in Explorer.

The registry setting:

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList can be used to configure an NT computer to be a browser, to not be a browser or be a Potential Browser

NWLink supports NetBIOS over IPX, WinSock and RPCs. Used for clients wishing to access client/server applications running on a Netware or NT server.

File and Print Services for Netware is required on an NT server to allow Netware clients access to file and print services on an NT network.

NWLink is configured through NWLink IPX/SPX Properties and requires a frame type to be configured. The default frame type for Netware 2.2 and 3.11 is 802.3 whereas Netware 3.12 onwards uses 802.2. Other frame types supported are Ethernet II and Sub Network Access Protocol (SNAP). Token Ring uses 802.5 and SNAP and FDDI uses 802.2 and SNAP.

Automatic frame detection is fine for 802.2 other frame types may be missed. Manual frame detection allows NT to use multiple frame types simultaneously.

The command ipxroute config displays the network number, the frame type and the device. If FPNW is configured the IPX network number can be set, otherwise it can be set in the registry using the network number and the packet type as follows:

0 - Ethernet II
1 - Ethernet 802.3
2 - 802.2
3 - SNAP
4 - ArcNet
FF - Auto-detect (default)

The registry location is HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet\Services\NwLnkipx\NetConfig\adapter name

The default internal network number of 00000000 needs to be set to a unique value if FPNW is installed using multiple adapters or frame types, or SAP is being used for applications such as SQL.

Enabling RIP allows the NT box to act as a router.

NetBeui uses 30% more bandwidth than TCP/IP and is not routable, it is designed for networks of 20-200 computers. It is dependent on broadcasts for name discovery and name registration.

Binding protocols can be done in different orders, the most used protocols should be first. For instance routable protocols could be bound to the server whilst all the protocols could be bound to the workstations.

Go to 11. Remote Access Service

Home

Disclaimer